Headline
CVE-2021-37111: October
There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this vulnerability may cause memory exhaustion.
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following third-party library patches:
This security update includes the CVE announced in the September 2021 Android security bulletin.
Critical: CVE-2021-0687
High: CVE-2021-0644, CVE-2021-0682, CVE-2021-0683, CVE-2021-0684, CVE-2021-0598, CVE-2021-0688, CVE-2021-0689, CVE-2021-0690, CVE-2021-0595, CVE-2021-0685, CVE-2021-0693, CVE-2021-0686, CVE-2021-0695, CVE-2021-0680, CVE-2021-0681, CVE-2021-30290, CVE-2021-30294, CVE-2021-1941, CVE-2021-1948, CVE-2021-1974
Medium: CVE-2021-1957, CVE-2021-1958, CVE-2021-1961
Low: none
Already included in previous updates: CVE-2021-0519, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-0515, CVE-2021-0514, CVE-2021-0513, CVE-2021-0571, CVE-2021-0592, CVE-2021-0577, CVE-2021-0639, CVE-2020-14381, CVE-2021-3347, CVE-2021-28375, CVE-2021-0585
※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).
This security update includes the following HUAWEI patches:
CVE-2021-37020: Improper verification vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-22326: Kernel space read/write vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37118: Man-in-the-middle (MITM) attack vulnerability when using HUAWEI Share in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.1, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37117: Service logic vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause WLAN DoS.
CVE-2021-37114: Out-of-bounds read vulnerability in some HUAWEI devices
Severity: Low
Affected versions: EMUI 11.0.1, EMUI 10.1.1, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37113: Privilege escalation vulnerability with the file system component in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37111: Memory leakage vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause memory exhaustion.
CVE-2021-37103: Improper permission management vulnerability in the HUAWEI Wallet app
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37097: OOM vulnerability with the system framework code in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause an OOM issue.
CVE-2021-37093: Improper access control vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37092: Memory leakage vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.
CVE-2021-37075: Credential management vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37056: Improper permission control vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may allow attempts to obtain certain device information.
CVE-2021-37054: Identity spoofing and authentication bypass vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37053: Service logic vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause WLAN DoS.
CVE-2021-37052: Exception log vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause address information leakage.
CVE-2021-37051: Out-of-bounds read vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.
CVE-2021-37050: Missing sensitive data encryption vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37049: Heap-based buffer overflow vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.
CVE-2021-37047: Input verification vulnerability in some HUAWEI phones
Severity: Low
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause some services to restart.
CVE-2021-37045: UAF vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed.
CVE-2021-37044: Permission control vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-37042: Improper verification vulnerability in some HUAWEI devices
Severity: Low
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-37041: Improper verification vulnerability in some HUAWEI devices
Severity: Low
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-37040: Parameter injection vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting.
CVE-2021-37038: Improper access control vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37021: Improper verification vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-37119: Service logic vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause WLAN DoS.
CVE-2021-37014: Integer overflow vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect the normal use of the device.
CVE-2021-37013: Permission control vulnerability with the setHdbKey API in HwPackageManagerServiceEx in some EMUI devices
Severity: Low
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-37011: Improper verification vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-36999: Buffer overflow vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.
CVE-2021-36997: Low memory error in some HUAWEI devices due to the unlimited size of images to be parsed
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.
CVE-2021-36995: Unauthorized file access vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some HUAWEI devices due to race conditions
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0 Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.
CVE-2021-36991: Unauthorized file access vulnerability in some HUAWEI devices due to unstandardized path input
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.
CVE-2021-36990: Vulnerability of tampering with the kernel in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36989: Kernel crash vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36986: Vulnerability of tampering with the kernel in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36985: Code injection vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.
CVE-2021-3506: Out-of-bounds operation vulnerability after rooting in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect service stability and integrity.
CVE-2021-22491: Input verification vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-22489: DoS vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-22488: Unauthorized file access vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22481: Verification errors in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22475: Improper permission management vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22469: Out-of-bounds memory read vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause the kernel to crash.
CVE-2021-22460: Boot restriction bypass vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22420: Vulnerability of forging package names by implementing the getBasePackageName method in some HUAWEI devices
Severity: High
Affected versions: EMUI 9.1.1, EMUI 9.1.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect the normal use of system apps.
CVE-2021-22374: Out-of-bounds array access in the kernel of some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause stability risks.
CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22345: Improper verification vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory write.
CVE-2021-37120: Double free vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.
CVE-2021-37121: Configuration defects in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.
CVE-2021-22319: Improper verification vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause integer overflows.